Security at all applicable levels is required in order to complete an action.

For example, in order to create a lead record, a user must authenticate (organization security) and must have create access to the lead object (object security). Field-level security will then determine which fields the user can view and modify.